MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 90bab0433b3121b587082f8dd1ac5ccac5c115566a8f780071d3926ab3d505ba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	90bab0433b3121b587082f8dd1ac5ccac5c115566a8f780071d3926ab3d505ba
SHA3-384 hash:	a585cbfc62c3f6a0f36e46e8612c407636c11e7720e55b70c140743db430e19eb19d97b32694b30392f7354acdab2100
SHA1 hash:	0091156acac0e2061caf853644223152f164fe55
MD5 hash:	4bd60c62d8f5d0919c510e31a21e96bc
humanhash:	five-single-ten-march
File name:	c.sh
Download:	download sample
Signature	Mirai Alert Create hunting rule
File size:	834 bytes
First seen:	2025-09-11 05:29:34 UTC
Last seen:	2025-09-11 07:43:21 UTC
File type:	sh
MIME type:	text/plain
ssdeep	12:3J373ZeL1S73ZeCYK73ZerNIl5173Ze40LKF73ZeK+OFp73Ze3jMx73ZeZT073Zg:3J3o8Y9NI7UK9+ICj1TClWtgMnn
TLSH	T16301DEDC77F1629FEA08DE28E176809C9130B4C0326C0E66E9E50CF6D8D93097E65E79
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Intelligence

---

File Origin

# of uploads :

2

# of downloads :

48

Origin country :

DE

Vendor Threat Intelligence

ClamAV Detected

Detection(s):

SecuriteInfo.com.Linux.Downloader-33.UNOFFICIAL

Alert

Create hunting rule

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/68c25e9c73287948292657e8/reports/c3837ec6-b428-4aed-bc6a-340a8a048390/overview

Kaspersky OpenTIP Malicious

Verdict:

Malicious

File Type:

text

First seen:

2025-09-10T09:41:00Z UTC

Last seen:

2025-09-10T09:41:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/90bab0433b3121b587082f8dd1ac5ccac5c115566a8f780071d3926ab3d505ba/results?tab=lookup

Kunai Sandbox

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/b2f96c02-8922-40ee-a156-7441d44c5ac2

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/90bab0433b3121b587082f8dd1ac5ccac5c115566a8f780071d3926ab3d505ba

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/90bab0433b3121b587082f8dd1ac5ccac5c115566a8f780071d3926ab3d505ba/

ReversingLabs TitaniumCloud Linux.Trojan.Vigorf

Threat name:

Linux.Trojan.Vigorf

Alert

Create hunting rule

Status:

Malicious

First seen:

2025-09-10 17:56:26 UTC

File Type:

Text (Shell)

AV detection:

15 of 37 (40.54%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=sc5laqz3geq3lbyif6g5dlc4zlc4cfkwnkhxqadr2ojgvm6vaw5a._file

Hatching Triage Unknown

Result

Malware family:

n/a

Score:

  3/10

Tags:

n/a

Link:

https://tria.ge/reports/250911-f7nrtswkt3/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Legit

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/90bab0433b3121b587082f8dd1ac5ccac5c115566a8f780071d3926ab3d505ba